package net.m2technologies.open_arm.utilities.guid;

/*
 * Adapted from .... RandomGUID
 * @version 1.2.1 11/05/02
 * @author Marc A. Mnich
 *
 * From www.JavaExchange.com, Open Software licensing
 *
 * 11/05/02 -- Performance enhancement from Mike Dubman.
 *             Moved InetAddr.getLocal to static block.  Mike has measured
 *             a 10 fold improvement in run time.
 * 01/29/02 -- Bug fix: Improper seeding of nonsecure Random object
 *             caused duplicate GUIDs to be produced.  Random object
 *             is now only created once per JVM.
 * 01/19/02 -- Modified random seeding and added new constructor
 *             to allow secure random feature.
 * 01/14/02 -- Added random function seeding with JVM run time
 *
 */

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;

/*
 * In the multitude of java GUID generators, I found none that
 * guaranteed randomness.  GUIDs are guaranteed to be globally unique
 * by using ethernet MACs, IP addresses, time elements, and sequential
 * numbers.  GUIDs are not expected to be random and most often are
 * easy/possible to guess given a sample from a given generator.
 * SQL Server, for example generates GUID that are unique but
 * sequencial within a given instance.
 *
 * GUIDs can be used as security devices to hide things such as
 * files within a filesystem where listings are unavailable (e.g. files
 * that are served up from a Web server with indexing turned off).
 * This may be desireable in cases where standard authentication is not
 * appropriate. In this scenario, the RandomGUIDs are used as directories.
 * Another example is the use of GUIDs for primary keys in a database
 * where you want to ensure that the keys are secret.  Random GUIDs can
 * then be used in a URL to prevent hackers (or users) from accessing
 * records by guessing or simply by incrementing sequential numbers.
 *
 * There are many other possiblities of using GUIDs in the realm of
 * security and encryption where the element of randomness is important.
 * This class was written for these purposes but can also be used as a
 * general purpose GUID generator as well.
 *
 * RandomGUID generates truly random GUIDs by using the system's
 * IP address (name/IP), system time in milliseconds (as an integer),
 * and a very large random number joined together in a single String
 * that is passed through an MD5 hash.  The IP address and system time
 * make the MD5 seed globally unique and the random number guarantees
 * that the generated GUIDs will have no discernable pattern and
 * cannot be guessed given any number of previously generated GUIDs.
 * It is generally not possible to access the seed information (IP, time,
 * random number) from the resulting GUIDs as the MD5 hash algorithm
 * provides one way encryption.
 *
 * ----> Security of RandomGUID: <-----
 * RandomGUID can be called one of two ways -- with the basic java Random
 * number generator or a cryptographically strong random generator
 * (SecureRandom).  The choice is offered because the secure random
 * generator takes about 3.5 times longer to generate its random numbers
 * and this performance hit may not be worth the added security
 * especially considering the basic generator is seeded with a
 * cryptographically strong random seed.
 *
 * Seeding the basic generator in this way effectively decouples
 * the random numbers from the time component making it virtually impossible
 * to predict the random number component even if one had absolute knowledge
 * of the System time.  Thanks to Ashutosh Narhari for the suggestion
 * of using the static method to prime the basic random generator.
 *
 * Using the secure random option, this class compies with the statistical
 * random number generator tests specified in FIPS 140-2, Security
 * Requirements for Cryptographic Modules, secition 4.9.1.
 *
 * I converted all the pieces of the seed to a String before handing
 * it over to the MD5 hash so that you could print it out to make
 * sure it contains the data you expect to see and to give a nice
 * warm fuzzy.  If you need better performance, you may want to stick
 * to byte[] arrays.
 *
 * I believe that it is important that the algorithm for
 * generating random GUIDs be open for inspection and modification.
 * This class is free for all uses.
 *
 *
 * - Marc
 */

public class RandomGUID {

    private String valueBeforeMD5 = "";
    private String valueAfterMD5;
    private static Random myRand;
    private static SecureRandom mySecureRand;

    private static String id;
    private static final int SHIFT_SPACE = 0xFF;
    private static final int ZERO_TEST = 0x10;
    private static final char CHAR_ZERO = '0';
    private static final char SEMI_COLON = ':';
    private static final char DASH = '-';
    private static final int GUID_SUBSTRING_ELEMENT_1 = 12;
    private static final int GUID_SUBSTRING_ELEMENT_2 = 16;
    private static final int GUID_SUBSTRING_ELEMENT_3 = 20;
    private static final int TEST_LIMIT = 100;

    /*
     * Static block to take care of one time secureRandom seed.
     * It takes a few seconds to initialize SecureRandom.  You might
     * want to consider removing this static block or replacing
     * it with a "time since first loaded" seed to reduce this time.
     * This block will run only once per JVM instance.
     */

    static {
        mySecureRand = new SecureRandom();
        final long secureInitializer = mySecureRand.nextLong();
        myRand = new Random(secureInitializer);
        try {
            id = InetAddress.getLocalHost().toString();
        } catch (UnknownHostException e) {
            id = "42";
        }

    }


    /*
     * Default constructor.  With no specification of security option,
     * this constructor defaults to lower security, high performance.
     */
    public RandomGUID() {
        this.valueAfterMD5 = getRandomGUID(false);
    }


    /*
     * Constructor with security option.  Setting secure true
     * enables each random number generated to be cryptographically
     * strong.  Secure false defaults to the standard Random function seeded
     * with a single cryptographically strong random number.
     */
    public RandomGUID(final boolean secure) {
        this.valueAfterMD5 = getRandomGUID(secure);
    }

    /**
     * Extra constructor added for OpenArm -- here, we presume that you know what you're doing.  The value passed as a
     * byte array will simply be stored here, and represented as a String.
     *
     * @param bytes
     */
    public RandomGUID(final byte[] bytes) {
        this.valueAfterMD5 = new String(bytes);
    }

    public void reset() {
        this.valueAfterMD5 = getRandomGUID(false);
    }

    public void reset(final boolean secure) {
        this.valueAfterMD5 = getRandomGUID(secure);
    }

    /*
     * Method to generate the random GUID
     */
    private String getRandomGUID(final boolean secure) {
        MessageDigest md5 = null;
        final StringBuffer sbValueBeforeMD5 = new StringBuffer();

        try {
            md5 = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }

        try {
            final long time = System.currentTimeMillis();
            final long rand;

            if (secure) {
                rand = mySecureRand.nextLong();
            } else {
                rand = myRand.nextLong();
            }

            // This StringBuffer can be a long as you need; the MD5
            // hash will always return 128 bits.  You can change
            // the seed to include anything you want here.
            // You could even stream a file through the MD5 making
            // the odds of guessing it at least as great as that
            // of guessing the contents of the file!
            sbValueBeforeMD5.append(id);
            sbValueBeforeMD5.append(SEMI_COLON);
            sbValueBeforeMD5.append(Long.toString(time));
            sbValueBeforeMD5.append(SEMI_COLON);
            sbValueBeforeMD5.append(Long.toString(rand));

            valueBeforeMD5 = sbValueBeforeMD5.toString();
            md5.update(valueBeforeMD5.getBytes());

            final byte[] array = md5.digest();
            final StringBuffer sb = new StringBuffer();
            for (int j = 0; j < array.length; ++j) {
                final int bufferIndex = array[j] & SHIFT_SPACE;
                if (ZERO_TEST > bufferIndex) sb.append(CHAR_ZERO);
                sb.append(Integer.toHexString(bufferIndex));
            }

            return sb.toString();

        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String getValue() {
        return valueAfterMD5;
    }


    public boolean equals(final Object o) {
        if (this == o) return true;
        if (!(o instanceof RandomGUID)) return false;

        final RandomGUID randomGUID = (RandomGUID) o;

        return !(null != valueAfterMD5
                 ? !valueAfterMD5.equals(randomGUID.valueAfterMD5)
                 : null != randomGUID.valueAfterMD5);

    }

    public int hashCode() {
        return null != valueAfterMD5 ? valueAfterMD5.hashCode() : 0;
    }


    /*
     * Convert to the standard format for GUID
     * (Useful for SQL Server UniqueIdentifiers, etc.)
     * Example: C2FEEEAC-CFCD-11D1-8B05-00600806D9B6
     */
    public String toString() {
        final String raw = valueAfterMD5.toUpperCase();
        final StringBuffer sb = new StringBuffer();
        sb.append(raw.substring(0, 8));
        sb.append(DASH);
        sb.append(raw.substring(8, GUID_SUBSTRING_ELEMENT_1));
        sb.append(DASH);
        sb.append(raw.substring(GUID_SUBSTRING_ELEMENT_1, GUID_SUBSTRING_ELEMENT_2));
        sb.append(DASH);
        sb.append(raw.substring(GUID_SUBSTRING_ELEMENT_2, GUID_SUBSTRING_ELEMENT_3));
        sb.append(DASH);
        sb.append(raw.substring(GUID_SUBSTRING_ELEMENT_3));

        return sb.toString();
    }

    /*
     * Demonstraton and self test of class
     */
    public static void main(final String[] args) {
        for (int i = 0; TEST_LIMIT > i; i++) {
            final RandomGUID myGUID = new RandomGUID();
            System.out
                    .println(new StringBuffer().append("[main] Seeding String=")
                            .append(myGUID.valueBeforeMD5).toString());
            System.out.println(new StringBuffer().append("[main] rawGUID=").append(myGUID.valueAfterMD5).toString());
            System.out.println(new StringBuffer().append("[main] RandomGUID=").append(myGUID.toString()).toString());
        }
    }
}
